
The unsavoury world of PC licences and Firefox exploits

It's nasty out there, kids


Letters A quick rummage through the letters bag for the choicest morsels [sounds like a dog food advert - Ed] turned up one of your favourite topics: the television licence, and its future.

Those from outside the UK are often utterly baffled by the television licence: a piece of paper conferring upon the grateful subject the right to watch the goggle box. Here in Blighty, opinion on the subject is already deeply divided, so you can probably imagine the kind of reaction to government speculation that the long-term future of the licence could possibly involve a possible switch to a PC licence:

Makes sense. I don't pay the TV license because the aerial doesn't work. Instead, BitTorrent and the BBC On-Demand Player satisfy all my needs. Even had a TV license guy come in, I told him I download everything, and there's nothing he could say to that.

Living in guilt,

Anon


John,

Wow, what a wonderful idea. The same state system that whines on about trendy concepts like 'digital divides' then goes on to suggest instead of taxing TVs, we'll tax PCs instead. Sounds like jobs for the boys following the analogue switch-off.

How's this for an idea - sack the bureaucrats who come up with this trash (this will probably save the same amount anyway), make Auntie self-financing by encrypting the TV channels and offering them out via digital service so that we, the consumer, can choose what we watch (Why should I pay for BBC 4 so a handful of high-brow types can watch opera/Why should high-brow opera types pay for knuckle-dragging content on BBC 3?).

Alternatively, the government could be honest, whack a penny on income tax and directly fund Auntie. After all, Geriatrics do so love their state pension.

Curtis, the foaming, gibbering mass, sitting in the corner with too much time on his hands.......


PC Tax

Several thoughts spring into my mind here, first what's a PC? A PlayStation? A Mac? A Nokia Communicator? A SKY+ box?

Second why pick on PCs to fund the BBC, why not telephones or shoes?

Ian


A "PC Tax"? Heaven forbid!

"Unenforceable?" - when my phone and my PDA are in effect PCs that can get the BBC - you bet!

Remember the "Window Tax" of 2 centuries ago? You can still see the bricked-up windows.

If I was Jessa Towel, I would be thinking along the following lines:

a VOLUNTARY TAX on ISPs, which networks run by BT would pay for immediately. In return for their payment, these ISPs will be able to offer their customers access to "state-provided" services, including of course the BBC, but also the other things you need to connect to the authorities for, such as taxes, the dole, driving license, voting, school meals preferences, planning permission, hip surgery..............

ISPs who didn't pay up would still be able to provide a "second-class" service for the brickers-up.

Andrew


Some of you took issue with the results of an RSA Security survey which found London's Wi-Fi networks are unsecured and vulnerable to attack:

In regard to your recent publication on the survey claiming a percentage of Wireless networks in the London area are not secure, I believe this to be a tremendously flawed number.

For you see, you cannot easily find out if a network is not secure.

Most would say, you could war drive around for a few hours with an Omni antenna mounted on the roof of your car, scan for networks and then assume that all of the Networks you find running without WEP or WPA and the like are open to attack.

Well no, this is not the case,

For example,

1. I know for a fact that there are a number of "honeypots" running that are open for the simple reason of wanting to be attacked, these are used for research purposes by individuals and companies.

2. Public wifi networks, such as the meshhopper style cannot use encryption, otherwise how would you get onto the Network in the first place to pay.

3. A number of companies use a combination of an open wireless network and a VPN solution with RSA keys or SSH tunnels which is perfectly fine anyway since all your traffic is sent over a secure tunnel even if your network is insecure.

Now to probe each network and find out what each setup entails would take an inordinate amount of time (believe me, I've done it, and even scripting the whole thing using tools such as kismet and ettercap, it's still a lengthy process).

So this can only lead me to the conclusion that their statistics are incorrect, as in my tests I found presuming encryption on/off and an Access point name of "any" meant secure/insecure was wrong.

P.S. At home I use a PoE Wireless Access point (mounted on the roof) as a client (No WEP) running on CAT 5 to another access point inside the house running a second wireless network with, again, no WEP. The reason I do this is because the Wireless is provided for free from the County Council and I don't mind letting the neighbours use it.

Am I concerned about my information being sent securely ? I use a VPN Tunnel to a Co-Located machine and it would simply be easier to break into my house and rob the machine.

Regards, Keith


Next up we have the rather unpalatable news that the hacking community does not regard Mozilla/Firefox as sacrosanct and has written a nasty piece of code designed to get spyware and adware onto the machines of users running non-IE browsers:

How can you describe this as a security weakness in Firefox and other browsers when the user has to click to give permission for the install? If you actually read the dialog box the security certificate is invalid and was issued by a company that is not trusted.

How do you suggest that Firefox and other browsers should deal with this ? simply prevent installation of java at all times.

Any system can be compromised by user stupidity. If you are prepared to download and execute software from unknown and untrusted sources, then I don't know why you expect your browser to protect you!

Ian


"exploiting the vulnerabilities that exist in any complex browser"

Should this be a call to return to simple browsers ? Ones that do not integrate Java and ActiveX ? After all, there is no information on the web that calls for anything else than HTML, all the rest is just icing on top, icing that is real good at attracting flies (and worse). If Flash can be lumped into the "complex" category, and I've got a strong hunch it can, then I'm all for it. Long live pure HTML !

Pascal.


Well, sounds like we should all just go back about 15 years and start using lynx again.

Wouldn't hurt the quality of the web either - imagine banning FrontPage and Dreamweaver and all those other tools that generate massively bloated HTML and requiring web designers to write robust, clean HTML...

Ah.. the good old days...

Edwin


Yawn. So there's yet another "if the user clicks the button, they're infected" exploit. Why is this news? We already know users are idiots.

Next week in The Register: "Shocking New Evidence Proves Water is Wet!"

Steven


Get your facts straight, learn about computers and make sure your mouth (in your case your ass) is connected to your brain before commenting on something you obviously know nothing about.

Kevin

A direct brain-to-donkey connection, eh? Intriguing... We'll be back on Friday with an update from Muffin the Mule. ®
